Thursday, 8 December 2005

eBay phishing saga; in summary...

(VRSN) (EBAY) Last week I noted a problem reporting a phishing email to eBay. I'm pleased to report that the phishing website -- ebaychristmas.net -- is now down. However, I'm not pleased to report how long it took. The detail behind the delay is instructive...

It took 13 days from first report to takedown (November 25 to December 7), which is simply unacceptable. However, despite the hilarious response from their "Trust and Safety Department," you should note that eBay wasn't the main factor in this delay. Indeed, the company claims that it first started takedown proceedings on November 8.

The main issue was that the phishing webserver was hosted on a botnet of virus-compromised PCs. The DNS entry for the web site served up a sequence of IP addresses, so that requests for the webpage could go to one of many machines. In other words, taking down "the website" wasn't an option.

Removing the DNS entry was the only practical takedown option. However, the DNS registrar for the domain -- Joker.com, a small company based in Switzerland -- was completely unresponsive to all requests to investigate. Finally, it seems Verisign -- the controller of the .net top-level domain -- stepped in and took authority for ebaychristmas.net away from Joker.com. Now requests for the website come back "no such host."
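The rotating DNS entry described above leaves a recognisable trace in resolver logs: one name answering with addresses scattered across many unrelated networks. The sketch below is an added example, not part of the original post; the domain names, addresses, the use of TTL as a signal and all thresholds are constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (domain, TTL seconds, A records returned) per lookup.
# Names and addresses are invented; private 10.x space stands in for hosts.
OBSERVATIONS = [
    ("phish.example", 120, ["10.1.4.20", "10.77.9.3"]),
    ("phish.example", 120, ["10.140.2.8", "10.1.4.20"]),
    ("phish.example", 120, ["10.201.33.5", "10.52.7.71"]),
    ("shop.example", 3600, ["10.9.0.10", "10.9.0.11"]),
    ("shop.example", 3600, ["10.9.0.10", "10.9.0.11"]),
]


def summarize(observations):
    """Per domain: distinct IPs, distinct /16 networks, and lowest TTL seen."""
    ips, nets, ttl = defaultdict(set), defaultdict(set), {}
    for domain, seconds, addresses in observations:
        for addr in addresses:
            ips[domain].add(addr)
            # Group by /16 as a rough stand-in for "different networks".
            nets[domain].add(ipaddress.ip_network(f"{addr}/16", strict=False))
        ttl[domain] = min(seconds, ttl.get(domain, seconds))
    return {d: {"ips": len(ips[d]), "networks": len(nets[d]), "min_ttl": ttl[d]}
            for d in ips}


def rotating_domains(observations, min_ips=5, min_networks=4, max_ttl=300):
    """Flag domains whose answers spread over many unrelated networks
    with short TTLs. Thresholds are illustrative assumptions."""
    return sorted(
        d for d, s in summarize(observations).items()
        if s["ips"] >= min_ips
        and s["networks"] >= min_networks
        and s["min_ttl"] <= max_ttl
    )


if __name__ == "__main__":
    for domain, stats in summarize(OBSERVATIONS).items():
        print(domain, stats)
    print("flagged:", rotating_domains(OBSERVATIONS))
```

A name flagged this way is a candidate for escalation to the registrar or registry rather than to individual hosting providers, since no single host is "the website".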

This sorry saga illustrates how important it is for domain registrars to act quickly and responsibly when abuses such as phishing are brought to their attention. Authorities upstream of the registrar need to be able to exercise some sort of leverage if the registrar doesn't act.

1 comment:

Anonymous said...

I was on eBay yesterday and several auctions they have up are loaded with trojans, when you click the link to go into the auction it loads up trojans on your PC and redirects you to a fake sign up page, all on eBay's servers. I called and wrote eBay about this problem, they responded there is nothing they can do and tried to redirect me to a different dept. You'd think they'd want to get on top of it right away. Below is their response by email. I personally think eBay is getting too large for their own good.

Hello,

Thank you for taking the time to contact us with this information.

We are concerned about violations on our site and strive to thoroughly investigate each report we receive. Unfortunately, we are only able to accept reports of this nature through our Rules and Safety Web Form.

This form will help us classify and investigate the matter in a timelier fashion. Please be aware that in order to use this form, you must have the specific item number of a questionable listing. We cannot accept reports of eBay User Ids, search results, or URLs.

To resubmit your report, please choose the appropriate policy from the following Listing Policies page:

http://pages.ebay.com/help/policies/listing-ov.html

For information on infringing or illegal items or for information on other eBay listing guidelines, please view the following URL:

http://pages.ebay.com/help/sell/item_allowed.html

You may also want to review our current policies at the following URL:

http://pages.ebay.com/help/policies/listing-ov.html

These policies are reviewed and updated from time to time, so please be sure to double check on terms or policies that you may not be familiar with.

We appreciate your continued help in keeping eBay a safe and fair place to trade. Thank you for being part of the eBay community!

Regards,

The eBay Community Watch Team

_____________________________________________

Whether you're new to eBay or an experienced buyer and seller, the eBay Security & Resolution Center can help you protect yourself on eBay and online. For more information, please click the "Security Center" link at the bottom of most eBay pages.

_____________________________________________